Design and implementation of low-depth pairing-based homomorphic encryption scheme

Abstract

Homomorphic encryption allows to carry out operations on encrypted data. In this paper, we focus on the design of a scheme based on pairings and elliptic curves, that is able to handle applications where the number of multiplication is not too high, with interesting practical efficiency when compared to lattice-based solutions. The starting point is the Boneh–Goh–Nissim (BGN for short) encryption scheme (Boneh et al. in Kilian J (ed) Theory of cryptography, second theory of cryptography conference, TCC 2005, Cambridge, MA, USA, February 10–12, 2005), which enables the homomorphic evaluation of polynomials of degree at most 2 on ciphertexts. In our scheme, we use constructions coming from Freeman (Gilbert H (ed) Advances in cryptology—EUROCRYPT 2010, 29th annual international conference on the theory and applications of cryptographic techniques, French Riviera, May 30–June 3, 2010) and Catalano and Fiore (Ray I, Li N, Kruegel C (eds) Proceedings of the 22nd ACM SIGSAC conference on computer and communications security, Denver, CO, USA, October 12–16, 2015), to propose a variant of the $${\text {BGN}}$$ scheme that can handle the homomorphic evaluation of polynomials of degree at most 4. We discuss both the mathematical structure of the scheme and its implementation. We provide simulation results, showing the relevance of this solution for applications requiring a low multiplicative depth, and give relative comparison with respect to lattice-based homomorphic encryption schemes.